From 2a505d023f95457f63a3975e386b95e8658928f4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 22 Aug 2002 22:48:54 +0000 Subject: added a 'net rpc samdump' command for dumping the whole sam via samsync operations (as a BDC) (This used to be commit e4cb106d2e3e6a41529369545a7a6ce5fe6d8986) --- source3/Makefile.in | 2 +- source3/rpc_client/cli_netlogon.c | 25 +++--- source3/rpc_parse/parse_net.c | 9 ++- source3/rpcclient/samsync.c | 4 +- source3/utils/net_rpc.c | 1 + source3/utils/net_rpc_samsync.c | 162 ++++++++++++++++++++++++++++++++++++++ 6 files changed, 184 insertions(+), 19 deletions(-) create mode 100644 source3/utils/net_rpc_samsync.c (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index 009cd18228..788859a353 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -377,7 +377,7 @@ CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ $(READLINE_OBJ) NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \ - utils/net_rap.o utils/net_rpc.o \ + utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \ utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index acc9135542..60048d189d 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -257,24 +257,23 @@ file. They should be combined at some stage. )-: static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred) { - /* - * Create the new client credentials. - */ - - cli->clnt_cred.timestamp.time = time(NULL); - - memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred)); - - /* Calculate the new credentials. */ - cred_create(cli->sess_key, &(cli->clnt_cred.challenge), - new_clnt_cred->timestamp, &(new_clnt_cred->challenge)); + /* + * Create the new client credentials. + */ + + cli->clnt_cred.timestamp.time = time(NULL); + + memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred)); + /* Calculate the new credentials. */ + cred_create(cli->sess_key, &(cli->clnt_cred.challenge), + new_clnt_cred->timestamp, &(new_clnt_cred->challenge)); } /* Sam synchronisation */ NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_CRED *ret_creds, - uint32 database_id, uint32 *num_deltas, + uint32 database_id, uint32 next_rid, uint32 *num_deltas, SAM_DELTA_HDR **hdr_deltas, SAM_DELTA_CTR **deltas) { @@ -297,7 +296,7 @@ NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_C gen_next_creds(cli, &clnt_creds); init_net_q_sam_sync(&q, cli->srv_name_slash, cli->clnt_name_slash + 2, - &clnt_creds, ret_creds, database_id); + &clnt_creds, ret_creds, database_id, next_rid); /* Marshall data and send request */ diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 7f8d1953d1..52cbc8e8df 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -1690,7 +1690,8 @@ makes a NET_Q_SAM_SYNC structure. ********************************************************************/ BOOL init_net_q_sam_sync(NET_Q_SAM_SYNC * q_s, const char *srv_name, const char *cli_name, DOM_CRED *cli_creds, - DOM_CRED *ret_creds, uint32 database_id) + DOM_CRED *ret_creds, uint32 database_id, + uint32 next_rid) { DEBUG(5, ("init_q_sam_sync\n")); @@ -1706,8 +1707,8 @@ BOOL init_net_q_sam_sync(NET_Q_SAM_SYNC * q_s, const char *srv_name, memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds)); q_s->database_id = database_id; - q_s->restart_state = 0; - q_s->sync_context = 0; + q_s->restart_state = 4; + q_s->sync_context = next_rid; q_s->max_size = 0xffff; return True; @@ -2785,6 +2786,8 @@ BOOL net_io_r_sam_sync(char *desc, uint8 sess_key[16], if (!prs_uint32("sync_context", ps, depth, &r_s->sync_context)) return False; + d_printf("Got sync context %u\n", r_s->sync_context); + if (!prs_uint32("ptr_deltas", ps, depth, &r_s->ptr_deltas)) return False; if (r_s->ptr_deltas != 0) diff --git a/source3/rpcclient/samsync.c b/source3/rpcclient/samsync.c index be3d4211e0..a8344cd5e2 100644 --- a/source3/rpcclient/samsync.c +++ b/source3/rpcclient/samsync.c @@ -394,7 +394,7 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16], /* Do sam synchronisation on the SAM database*/ - result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 0, + result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 0, 0, &num_deltas_0, &hdr_deltas_0, &deltas_0); @@ -415,7 +415,7 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16], #if 1 /* Do sam synchronisation on the LSA database */ - result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 2, &num_deltas_2, &hdr_deltas_2, &deltas_2); + result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 2, 0, &num_deltas_2, &hdr_deltas_2, &deltas_2); if (!NT_STATUS_IS_OK(result)) goto done; diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index df5b67372d..a7d2a08b38 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -2245,6 +2245,7 @@ int net_rpc(int argc, const char **argv) {"trustdom", rpc_trustdom}, {"abortshutdown", rpc_shutdown_abort}, {"shutdown", rpc_shutdown}, + {"samdump", rpc_samdump}, {"getsid", net_rpc_getsid}, {"help", net_rpc_help}, {NULL, NULL} diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c new file mode 100644 index 0000000000..44c3fdb26a --- /dev/null +++ b/source3/utils/net_rpc_samsync.c @@ -0,0 +1,162 @@ +/* + Unix SMB/CIFS implementation. + dump the remote SAM using rpc samsync operations + + Copyright (C) Andrew Tridgell 2002 + Copyright (C) Tim Potter 2001,2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "../utils/net.h" + +static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) +{ + int i; + d_printf("Group mem %u: ", rid); + for (i=0;inum_members;i++) { + d_printf("%u ", g->rids[i]); + } + d_printf("\n"); +} + +static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a) +{ + d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name)); + d_printf("desc='%s' rid=%u\n", unistr2_static(&a->uni_als_desc), a->als_rid); +} + +static void display_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *a) +{ + int i; + d_printf("Alias rid %u: ", rid); + for (i=0;inum_sids;i++) { + d_printf("%s ", sid_string_static(&a->sids[i].sid)); + } + d_printf("\n"); +} + +static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) +{ + fstring hex_nt_passwd, hex_lm_passwd; + uchar lm_passwd[16], nt_passwd[16]; + + /* Decode hashes from password hash */ + sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0); + sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0); + + /* Encode as strings */ + smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info); + smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info); + + printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name), + a->user_rid, hex_lm_passwd, hex_nt_passwd, + smbpasswd_encode_acb_info(a->acb_info)); +} + +static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) +{ + switch (hdr_delta->type) { + case SAM_DELTA_ACCOUNT_INFO: + display_account_info(hdr_delta->target_rid, &delta->account_info); + break; + case SAM_DELTA_GROUP_MEM: + display_group_mem_info(hdr_delta->target_rid, &delta->grp_mem_info); + break; + case SAM_DELTA_ALIAS_INFO: + display_alias_info(hdr_delta->target_rid, &delta->alias_info); + break; + case SAM_DELTA_ALIAS_MEM: + display_alias_mem(hdr_delta->target_rid, &delta->als_mem_info); + break; + default: + d_printf("Unknown delta record type %d\n", hdr_delta->type); + break; + } +} + +/* dump sam database via samsync rpc calls */ +int rpc_samdump(int argc, const char **argv) +{ + TALLOC_CTX *mem_ctx = NULL; + SAM_DELTA_HDR *hdr_deltas; + SAM_DELTA_CTR *deltas; + uint32 num_deltas; + NTSTATUS result; + int i; + unsigned last_rid=0; + DOM_CRED ret_creds; + struct cli_state *cli = NULL; + uchar trust_password[16]; + + /* Connect to remote machine */ + if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) { + return 1; + } + + if (!cli_nt_session_open(cli, PIPE_NETLOGON)) { + DEBUG(0,("Error connecting to NETLOGON pipe\n")); + goto fail; + } + + if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_password, NULL)) { + d_printf("Could not retrieve domain trust secret"); + goto fail; + } + + result = cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_password); + if (!NT_STATUS_IS_OK(result)) { + d_printf("Failed to setup BDC creds\n"); + goto fail; + } + + if (!(mem_ctx = talloc_init())) { + DEBUG(0,("talloc_init failed\n")); + goto fail; + } + + /* on first call the returnAuthenticator is empty */ + memset(&ret_creds, 0, sizeof(ret_creds)); + + /* Do sam synchronisation on the SAM database*/ + do { + result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, SAM_DATABASE_DOMAIN, last_rid+1, + &num_deltas, &hdr_deltas, &deltas); + clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &ret_creds); + last_rid = 0; + for (i = 0; i < num_deltas; i++) { + display_sam_entry(&hdr_deltas[i], &deltas[i]); + last_rid = hdr_deltas[i].target_rid; + if (last_rid == 0) { + break; + } + } + } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + + cli_nt_session_close(cli); + talloc_destroy(mem_ctx); + + return 0; + +fail: + if (cli) { + cli_nt_session_close(cli); + } + if (mem_ctx) { + talloc_destroy(mem_ctx); + } + return -1; +} -- cgit